Merge ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into ~canonical-launchpad-branches/turnip/+git/dependencies:master
Proposed by: Simone Pelosi

Status: | Merged |
---|---|
Approved by: | Simone Pelosi |
Approved revision: | b57ddda3727bb7a92169c368c0f6ba283dc72cd6 |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability |
Merge into: | ~canonical-launchpad-branches/turnip/+git/dependencies:master |
Diff against target: | 4 lines (+0/-0) 0 files modified |
Related bugs: | |

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Guruprasad | Approve | | |

Review via email: mp+440163@code.launchpad.net
Commit message
Upgraded gunicorn to fix HTTP request smuggling vulnerability
A penetration test found that our gunicorn version is vulnerable; version 20.1.0 should be safe.
LGTM 👍🏼 But, afaik, we have a process of not removing the existing version when adding a newer version, and the older version is removed later separately when the older version is not used anywhere.